Are you compliant? Use Azure Security Center to make sure that you are!

The fact that Azure has been certified according to 70+ different standards makes little to no difference if you as a customer have no idea how to configure your environment to be compliant. If you need help there are blueprints available.

With the new functionality now in preview you can easily see if your Azure deployment is in line with the certification you’re striving for.

The overview page shows you directly how your deployment aligns with various standards. In my case I’m passing 11 out of 16 checks for PCI DSS 3.2. If I needed to process credit card data I’d be dead in the water, but now I can quickly see what I’ve missed.

Azure Security Center overview – click “Regulatory Compliance overview (preview)” in the middle column

Looking closer at our security posture at the moment, I’ve drilled down a bit further, in this case selecting “Azure CIS” as the regulation I’d like to compare to. We can see a number of red areas where we obviously aren’t compliant. It doesn’t matter whether you work in IT or not: if you see this, you can easily figure out that you’re not compliant.

An overview of how the security posture looks compared to “Azure CIS”. Not that good considering it’s all red…

The last step is to drill down into the areas that are red. This gives us detailed instructions on how to remediate the things we’re failing at. In the picture below we can see that we’ll need to enable disk encryption.

Applying disk encryption seems like a good idea, doesn’t it? Clicking the link will take you to the page giving you detailed instructions on how to do it.

This feature in the Security Center will be improved over time and will (probably) let you filter on the compliance standards you want to see, so that the ones you don’t really care about aren’t checked.

You can find all the documentation on Azure Security Center over at

How are you using Security Center today? Let me know in the comments!
